author | Steve Langasek <steve.langasek@ubuntu.com> | 2019-01-03 21:15:18 -0800 |
---|---|---|
committer | Steve Langasek <vorlon@debian.org> | 2019-01-08 22:11:51 -0800 |
commit | 18ad8104e674ec8e1fb74d15a248680e51044854 (patch) | |
tree | 7f69ab6548c6e13babbcd5835ea09a6ecbee2c3d /modules/pam_unix/support.c | |
parent | 4b2748e1c594a8175dfa83b6dc321291da012882 (diff) | |
parent | c55c14c5c6762139ec6695d84ea0e2e917da5264 (diff) | |
merge upstream version 1.1.5
Diffstat (limited to 'modules/pam_unix/support.c')
-rw-r--r-- | modules/pam_unix/support.c | 37 |
1 files changed, 24 insertions, 13 deletions
diff --git a/modules/pam_unix/support.c b/modules/pam_unix/support.c index bddafd4b..cc350e58 100644 --- a/modules/pam_unix/support.c +++ b/modules/pam_unix/support.c @@ -83,7 +83,7 @@ int _set_ctrl(pam_handle_t *pamh, int flags, int *remember, int *rounds, } /* now parse the arguments to this module */ - while (argc-- > 0) { + for (; argc-- > 0; ++argv) { int j; D(("pam_unix arg: %s", *argv)); @@ -99,24 +99,37 @@ int _set_ctrl(pam_handle_t *pamh, int flags, int *remember, int *rounds, pam_syslog(pamh, LOG_ERR, "unrecognized option [%s]", *argv); } else { - ctrl &= unix_args[j].mask; /* for turning things off */ - ctrl |= unix_args[j].flag; /* for turning things on */ - /* special cases */ - if (remember != NULL && j == UNIX_REMEMBER_PASSWD) { + if (j == UNIX_REMEMBER_PASSWD) { + if (remember == NULL) { + pam_syslog(pamh, LOG_ERR, + "option remember not allowed for this module type"); + continue; + } *remember = strtol(*argv + 9, NULL, 10); if ((*remember == INT_MIN) || (*remember == INT_MAX)) *remember = -1; if (*remember > 400) *remember = 400; - } else if (pass_min_len && j == UNIX_MIN_PASS_LEN) { + } else if (j == UNIX_MIN_PASS_LEN) { + if (pass_min_len == NULL) { + pam_syslog(pamh, LOG_ERR, + "option minlen not allowed for this module type"); + continue; + } *pass_min_len = atoi(*argv + 7); - } - if (rounds != NULL && j == UNIX_ALGO_ROUNDS) + } else if (j == UNIX_ALGO_ROUNDS) { + if (rounds == NULL) { + pam_syslog(pamh, LOG_ERR, + "option rounds not allowed for this module type"); + continue; + } *rounds = strtol(*argv + 7, NULL, 10); - } + } - ++argv; /* step to next argument */ + ctrl &= unix_args[j].mask; /* for turning things off */ + ctrl |= unix_args[j].flag; /* for turning things on */ + } } if (UNIX_DES_CRYPT(ctrl) 
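Review bot: The numeric values for `rounds=`, `minlen=` and `remember=` in the second `_set_ctrl` hunk are still stored without validation: `strtol(*argv + 7, NULL, 10)` has no end-pointer check and its `long` result is narrowed to `int`, so an empty, non-numeric, negative or out-of-range value is accepted silently. For `remember` the narrowing happens before the `INT_MIN`/`INT_MAX` comparison, so where `long` is wider than `int` that comparison does not catch strtol's overflow result. Since the new code already logs and skips options that are not allowed for the module type, a malformed value could be handled the same way: parse into a `long`, check it, then log and `continue` so the flag is not set. How later code treats a zero or negative rounds value is outside this hunk. The sketch below shows this for `rounds` only and assumes `errno` is usable in this file; `_set_ctrl` begins and ends outside the hunk.

```c
			} else if (j == UNIX_ALGO_ROUNDS) {
				/* … unchanged: rounds == NULL rejection … */
				char *end;
				long val;

				errno = 0;
				val = strtol(*argv + 7, &end, 10);
				if (end == *argv + 7 || *end != '\0'
				    || errno == ERANGE || val < 0 || val > INT_MAX) {
					pam_syslog(pamh, LOG_ERR,
						   "invalid value in option [%s]", *argv);
					continue;
				}
				*rounds = (int) val;
			}
```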
@@ -132,7 +145,7 @@ int _set_ctrl(pam_handle_t *pamh, int flags, int *remember, int *rounds, } /* Set default rounds for blowfish */ - if (on(UNIX_BLOWFISH_PASS, ctrl) && off(UNIX_ALGO_ROUNDS, ctrl)) { + if (on(UNIX_BLOWFISH_PASS, ctrl) && off(UNIX_ALGO_ROUNDS, ctrl) && rounds != NULL) { *rounds = 5; set(UNIX_ALGO_ROUNDS, ctrl); } @@ -493,14 +506,12 @@ static int _unix_run_helper_binary(pam_handle_t *pamh, const char *passwd, if (passwd != NULL) { /* send the password to the child */ if (write(fds[1], passwd, strlen(passwd)+1) == -1) { pam_syslog (pamh, LOG_ERR, "Cannot send password to helper: %m"); - close(fds[1]); retval = PAM_AUTH_ERR; } passwd = NULL; } else { /* blank password */ if (write(fds[1], "", 1) == -1) { pam_syslog (pamh, LOG_ERR, "Cannot send password to helper: %m"); - close(fds[1]); retval = PAM_AUTH_ERR; } } |
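Review bot: In the blowfish default block of `_set_ctrl` (the first hunk on this line), the fallback `*rounds = 5;` is an unexplained literal and is applied without any log entry. If this value ends up as the bcrypt cost parameter (its use is outside the hunk), it is a security-relevant default and deserves a name and a stated unit. A new constant such as `#define UNIX_BLOWFISH_DEFAULT_ROUNDS 5 /* used when rounds= is not given */` would make the choice visible to anyone auditing the password-hashing configuration. The enclosing function starts and ends outside the hunk.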